0.10.1

Author: Giorgio Franceschetti

README.md

@@ -272,6 +272,14 @@ When you use the `mongodb+srv` url schema, the "tls" (or "ssl") parameter is imp
 
 You can also use certificates for tls handshake [see this tutorial][19] for more info.
 
+### Authentication
+
+The driver supports three authentication methods:
+
+- SCRAM_SHA_1
+- SCRAM_SHA_256
+- X509. See [here][20] for more details.
+
 ### Atlas (MongoDb cloud service) connection
 
 Atlas requires a tls connection, so now it is possible to connect to this cloud service.
@@ -373,3 +381,4 @@ Last but not least, some commands:
 [17]: https://github.com/mongo-dart/mongo_dart/blob/main/example/manual/watch/watch_on_collection.dart
 [18]: https://github.com/mongo-dart/mongo_dart/blob/main/example/manual/watch/watch_on_collection_insert.dart
 [19]: https://github.com/mongo-dart/mongo_dart/blob/main/doc/manual/connection/simple_connection_no_auth.md
+[20]: https://github.com/mongo-dart/mongo_dart/blob/main/doc/manual/connection/x509_authentication.md

doc/manual/connection/tls_connection_no_auth_client_certificate.md

@@ -112,4 +112,4 @@ or
 
 If the key was password protected you must add also the `tlsCertificateKeyFilePassword` parameter, either in the connection string or as a `db.open()` parameter.
 
-[Prev doc.](tls_connection_no_auth_self_signed_certificate.md)
+[Prev doc.](tls_connection_no_auth_self_signed_certificate.md) - [Next doc.](x509_authentication.md)

doc/manual/connection/x509_authentication.md

@@ -0,0 +1,49 @@
+
+# X509 Authentication
+
+## Prerequisites
+
+For X509 authentication, we have to pass the same parameters like fordar the connection with the client certificate.
+Be careful that at leat one in:
+
+- Organization (O)
+- Organizational Unit (OU)
+- Domain Component (DC)
+
+ must be different between the client and the server certificates.
+
+When you insert the user in the db, you have to store in the "$external" database the credentials. The user must be the subject of the certificate, for example "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry".
+
+```javaScript
+db.getSiblingDB("$external").runCommand(
+  {
+    createUser: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry",
+    roles: [
+         { role: "readWrite", db: "test" },
+         { role: "userAdminAnyDatabase", db: "admin" }
+    ],
+    writeConcern: { w: "majority" , wtimeout: 5000 }
+  }
+)
+```
+
+
+You can extract this from the certificate with the command:
+
+```bash
+openssl x509 -in <pathToClientPEM> -inform PEM -subject -nameopt RFC2253
+```
+
+for more detail give a look to this two pages:
+
+- [Use certificates](https://www.mongodb.com/docs/manual/tutorial/configure-x509-client-authentication/).
+- [X509](https://www.mongodb.com/docs/manual/core/security-x.509/).
+
+## How to Authenticate
+
+Then we have to options:
+
+- Authenticate immediately: for this you have to pass also the parameter `authMechanism=MONGODB-X509` in the connection string. You don't need to pass also the "$external" datbase as authsource because the driver authomatically will set it in case of X509 authentication.
+- Authenticate after connecting: you have to use the `db.authenticateX509()` method after that the connection is in place.
+
+[Prev doc.](tls_connection_no_auth_client_certificate.md)

test/op_msg_read_operation_test.dart

@@ -2016,6 +2016,7 @@ db.runCommand(
             countOptions: CountOptions(
                 readConcern: ReadConcern(ReadConcernLevel.majority)));
 
+        await Future.delayed(Duration(seconds: 3));
         var result = await operation.executeDocument();
 
         expect(result.ok, 1.0);